Red Hat: Security update for Apache Axis

Apache Axis is an implementation of SOAP (Simple Object Access Protocol). It can be used to build both web service clients and servers. Apache Axis did not verify that the server hostname matched the domain name in the subject’s Common Name (CN) or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name.